From patchwork Wed Aug 22 14:41:57 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Bernd Edlinger <bernd.edlinger@hotmail.de>
X-Patchwork-Id: 960994
Return-Path: 
 <gcc-patches-return-484196-incoming=patchwork.ozlabs.org@gcc.gnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=pass (mailfrom) smtp.mailfrom=gcc.gnu.org
	(client-ip=209.132.180.131; helo=sourceware.org;
	envelope-from=gcc-patches-return-484196-incoming=patchwork.ozlabs.org@gcc.gnu.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=none (p=none dis=none) header.from=hotmail.de
Authentication-Results: ozlabs.org; dkim=pass (1024-bit key;
	unprotected) header.d=gcc.gnu.org header.i=@gcc.gnu.org
	header.b="ZIWaPJpJ"; dkim-atps=neutral
Received: from sourceware.org (server1.sourceware.org [209.132.180.131])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 41wVcp0KJfz9s47
	for <incoming@patchwork.ozlabs.org>;
	Thu, 23 Aug 2018 00:42:16 +1000 (AEST)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id
	:list-unsubscribe:list-archive:list-post:list-help:sender:from
	:to:subject:date:message-id:content-type:mime-version; q=dns; s=
	default; b=ZMYDLqpT8qeat1t2MprmqXuirUmWr+ESpCwpyYprtC612yeGXVjOE
	8+GkhzsBFJl5CzhedMvbfNaqFI65jqr6HuWB2cUCoMrnyMR165NZ9I7K/rJGNmIO
	IEHeWS6j7hFNuA2HsnyAtLNDA3MmwyoUGmaW7IYZWbosNEPTxH2IjQ=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gcc.gnu.org; h=list-id
	:list-unsubscribe:list-archive:list-post:list-help:sender:from
	:to:subject:date:message-id:content-type:mime-version; s=
	default; bh=4Fb+fGMpqFJtLw86L53gErDnIjM=; b=ZIWaPJpJAz/j3pb59Yd5
	ksWow5oCrsBC6JA923G2aoK7/5Mz1iiTuKfvejHdFDdXRxg2pn+J92Gwo8qOEjJN
	KFPfRZYysGZ2wnrDyTfaXVgDSjhsBHWMqfOW3rrd3Vs0RJFsSVCdfa8UZvhSvUiD
	RZ+igwvPWf+nKDRf3dGPnDU=
Received: (qmail 55755 invoked by alias); 22 Aug 2018 14:42:08 -0000
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-patches.gcc.gnu.org>
List-Unsubscribe: 
 <mailto:gcc-patches-unsubscribe-incoming=patchwork.ozlabs.org@gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-help@gcc.gnu.org>
Sender: gcc-patches-owner@gcc.gnu.org
Delivered-To: mailing list gcc-patches@gcc.gnu.org
Received: (qmail 55742 invoked by uid 89); 22 Aug 2018 14:42:07 -0000
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-11.4 required=5.0 tests=AWL, BAYES_00,
	FREEMAIL_FROM, GIT_PATCH_2, GIT_PATCH_3, RCVD_IN_DNSWL_NONE,
	SPF_HELO_PASS, SPF_PASS autolearn=ham version=3.3.2 spammy=
X-HELO: EUR03-DB5-obe.outbound.protection.outlook.com
Received: from mail-oln040092071042.outbound.protection.outlook.com (HELO
	EUR03-DB5-obe.outbound.protection.outlook.com) (40.92.71.42)
	by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with
	ESMTP; Wed, 22 Aug 2018 14:42:06 +0000
Received: from AM5EUR03FT012.eop-EUR03.prod.protection.outlook.com
	(10.152.16.53) by
	AM5EUR03HT015.eop-EUR03.prod.protection.outlook.com
	(10.152.17.140) with Microsoft SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
	15.20.1080.9; Wed, 22 Aug 2018 14:41:57 +0000
Received: from AM5PR0701MB2657.eurprd07.prod.outlook.com (10.152.16.58) by
	AM5EUR03FT012.mail.protection.outlook.com (10.152.16.161)
	with Microsoft SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id
	15.20.1080.9 via Frontend Transport;
	Wed, 22 Aug 2018 14:41:57 +0000
Received: from AM5PR0701MB2657.eurprd07.prod.outlook.com
	([fe80::24cf:823c:758c:41b7]) by
	AM5PR0701MB2657.eurprd07.prod.outlook.com
	([fe80::24cf:823c:758c:41b7%7]) with mapi id 15.20.1080.010;
	Wed, 22 Aug 2018 14:41:57 +0000
From: Bernd Edlinger <bernd.edlinger@hotmail.de>
To: "gcc-patches@gcc.gnu.org" <gcc-patches@gcc.gnu.org>,
	Richard Biener	<rguenther@suse.de>, Jeff Law <law@redhat.com>
Subject: [PATCH] Improve checks in c_strlen (PR 87053)
Date: Wed, 22 Aug 2018 14:41:57 +0000
Message-ID: 
 <AM5PR0701MB2657DE3C14A57C8A18FD8158E4300@AM5PR0701MB2657.eurprd07.prod.outlook.com>
received-spf: None (protection.outlook.com: hotmail.de does not designate
	permitted sender hosts)
authentication-results: spf=none (sender IP is )
	smtp.mailfrom=bernd.edlinger@hotmail.de;
MIME-Version: 1.0

Hi!


This patch adds some more checks to c_getstr to fix PR middle-end/87053
wrong code bug.

Unfortunately this patch alone is not sufficient to fix the problem,
but also the patch for PR 86714 that hardens c_getstr is necessary
to prevent the wrong folding.


Bootstrapped and reg-tested on top of my PR 86711/86714 patch.
Is it OK for trunk?


Thanks
Bernd.

gcc:
2018-08-22  Bernd Edlinger  <bernd.edlinger@hotmail.de>

	PR middle-end/87053
	* builtins.c (c_strlen): Improve range checks.

testsuite:
2018-08-22  Bernd Edlinger  <bernd.edlinger@hotmail.de>

	PR middle-end/87053
	* gcc.c-torture/execute/pr87053.c: New test.

diff -Npur gcc/builtins.c gcc/builtins.c
--- gcc/builtins.c	2018-08-17 05:02:16.000000000 +0200
+++ gcc/builtins.c	2018-08-22 08:51:21.287960030 +0200
@@ -576,7 +576,7 @@ string_length (const void *ptr, unsigned
 tree
 c_strlen (tree src, int only_value, unsigned eltsize)
 {
-  gcc_assert (eltsize == 1 || eltsize == 2 || eltsize == 4);
+  gcc_checking_assert (eltsize == 1 || eltsize == 2 || eltsize == 4);
   STRIP_NOPS (src);
   if (TREE_CODE (src) == COND_EXPR
       && (only_value || !TREE_SIDE_EFFECTS (TREE_OPERAND (src, 0))))
@@ -665,10 +665,10 @@ c_strlen (tree src, int only_value, unsi
      a null character if we can represent it as a single HOST_WIDE_INT.  */
   if (byteoff == 0)
     eltoff = 0;
-  else if (! tree_fits_shwi_p (byteoff))
+  else if (! tree_fits_uhwi_p (byteoff) || tree_to_uhwi (byteoff) % eltsize)
     eltoff = -1;
   else
-    eltoff = tree_to_shwi (byteoff) / eltsize;
+    eltoff = tree_to_uhwi (byteoff) / eltsize;
 
   /* If the offset is known to be out of bounds, warn, and call strlen at
      runtime.  */
@@ -700,6 +700,10 @@ c_strlen (tree src, int only_value, unsi
   unsigned len = string_length (ptr + eltoff * eltsize, eltsize,
 				strelts - eltoff);
 
+  /* Don't know what to return if there was no zero termination.  */
+  if (len > maxelts - eltoff)
+    return NULL_TREE;
+
   return ssize_int (len);
 }
 
diff -Npur gcc/testsuite/gcc.c-torture/execute/pr87053.c gcc/testsuite/gcc.c-torture/execute/pr87053.c
--- gcc/testsuite/gcc.c-torture/execute/pr87053.c	1970-01-01 01:00:00.000000000 +0100
+++ gcc/testsuite/gcc.c-torture/execute/pr87053.c	2018-08-22 12:54:00.801019240 +0200
@@ -0,0 +1,17 @@
+/* PR middle-end/87053 */
+
+const union
+{ struct {
+    char x[4];
+    char y[4];
+  };
+  struct {
+    char z[8];
+  };
+} u = {{"1234", "567"}};
+
+int main ()
+{
+  if (__builtin_strlen (u.z) != 7)
+    __builtin_abort ();
+}